<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-inline'">
<script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
        testRunner.clearBackForwardList();
        testRunner.dumpBackForwardList();
    }
    window.addEventListener('load', function() {
        setTimeout(function() {
            document.getElementById('submit').click();
        }, 0);
    });
</script>
</head>
<body>
    <form action='/navigation/resources/form-target.pl' id='theform' method='post'>
        <input type='text' name='fieldname' value='fieldvalue'>
        <input type='submit' id='submit' value='submit'>
    </form>

    <p>
      Tests that 'form-action' doesn't fallback on 'default-src'.
      If this test passes, you will see a page indicating a form was POSTed.
    </p>
</body>
</html>
